| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Feb 2011 12:40:29 -0500 From: Justin Klein Keane <justin@...irish.net> To: full-disclosure@...ts.grok.org.uk Subject: Drupal Data Module Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Data module (http://drupal.org/project/data) "helps you model, manage and query related sets of tables. It offers an administration interface and a low level API for manipulating tables and accessing their contents." The Data module contains multiple Cross Site Scripting (XSS) vulnerabilities because it fails to sanitize table descriptions, field names or labels before display. This results in multiple stored XSS as well as DOM based XSS vulnerabilities. Drupal site users with the ability to create or edit tables using the Data module could inject arbitrary HTML into administrative pages. The Data module also contains numerous SQL injection vulnerabilities because it fails to sanitize values for table names or column names before invoking SQL statements. This allows users with the ability to create or edit tables managed by the Data module to perform SQL injection attacks. Systems affected: Drupal 6.20 with Data 6.x-1.0-alpha14 was tested and shown to be vulnerable. Impact User could inject arbitrary scripts into pages affecting site users. This could result in administrative account compromise leading to web server process compromise. A more likely scenario would be for an attacker to inject hidden content (such as iframes, applets, or embedded objects) that would attack client browsers in an attempt to compromise site users' machines. This vulnerability could also be used to launch cross site request forgery (XSRF) attacks against the site that could have other unexpected consequences. Mitigating factors: In order to exploit this vulnerability the attacker must have credentials to an authorized account that has been assigned the permissions to administer or edit in the Data module. This could be accomplished via social engineering, brute force password guessing, or abuse or legitimate credentials. Vendor response: Drupal security team does not handle issues with pre-release versions of modules (such as alpha or dev). These issues were reported in the module's public issue queue (http://drupal.org/node/1056470). The text of this advisory has also been posted at http://www.madirish.net/?article=480 - -- Justin C. Klein Keane http://www.MadIrish.net The digital signature on this message can be confirmed using the public key at http://www.madirish.net/gpgkey -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iPwEAQECAAYFAk1S0Y0ACgkQkSlsbLsN1gBxpAcApo+e7x2yhchgc9zZOd2YVqVK nBt09nmIaQem+dO4fs9l+rQbbMj8ahFJMUH8W82iSRuDQQyhnRF5JTCWMlC3gij5 HbOaxLEkepxFzRkDuRdR/wsraSMsxYBJuRdrG8OM7riuFVSSpM2NIdZXjsX7RIJ1 YTNxCkKT6lMywvc7T4A3e3BQPhIKwceB1HhYuyMcWAZ8oMh69HvTlKQ2A5r8QH/S exJ4ML4nBY9f+0yE1x4DqtsGl54PPdCwW9shu1FPIr0URtPq21/9ozMFwZRBFuOg v+lB2+O0+9gMCjQrcLw= =lrWV -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists